After using the above settings in Cablenut all these years I have further experimented with increasing my DSL speed. My speed seemed like it got faster and less jerky after adding the "Protect Against SYN Attacks" tweaks below. After using Cablenut manually add these settings in the registry:

Protect Against SYN AttacksA SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.To protect the network against SYN attacks, follow these generalized steps, explained later in this document: Enable SYN attack protection Set SYN protection thresholds Set additional protectionsEnable SYN Attack ProtectionThe named value to enable SYN attack protection is located beneath the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.Value name:SynAttackProtectRecommended value: 2Valid values: 0, 1, 2Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.Set SYN Protection ThresholdsThe following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are: Value name:TcpMaxPortsExhausted Recommended value: 5 Valid values: 065535 Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered. Value name:TcpMaxHalfOpen Recommended value data: 500 Valid values: 10065535 Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered. Value name:TcpMaxHalfOpenRetried Recommended value data: 400 Valid values: 8065535 Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered. Set Additional ProtectionsAll the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are: Value name:TcpMaxConnectResponseRetransmissions Recommended value data: 2 Valid values: 0255 Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request. Value name:TcpMaxDataRetransmissions Recommended value data: 2 Valid values: 065535 Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection. Value name:EnablePMTUDiscovery Recommended value data: 0 Valid values: 0, 1 Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet. Value name:KeepAliveTime Recommended value data: 300000 Valid values: 804294967295 Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. Set NetBIOS ProtectionsAll the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters. These keys and values are: Value name:NoNameReleaseOnDemand Recommended value data: 1 Valid values: 0, 1 Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request. Use the values that are summarized in Table 1 for maximum protection.Table 1 Recommended Values

Value Name Value (REG_DWORD) EnableICMPRedirect 0 Protect Against SNMP AttacksThe named value in this section is located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.Value:EnableDeadGWDetectRecommended value data: 0Valid values: 0 (disabled), 1, (enabled)Description: Prevents an attacker from forcing the switching to a secondary gatewayUse the value summarized in Table 3 for maximum protection.Table 3 Recommended Values

Value Name Value (REG_DWORD) EnableDeadGWDetect 0 AFD.SYS ProtectionsThe following keys specify parameters for the kernel mode driver Afd.sys. Afd.sys is used to support Windows sockets applications. All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\AFD\Parameters. These keys and values are: Value:EnableDynamicBacklog Recommended value data: 1 Valid values: 0 (disabled), 1 (enabled) Description: Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently. For more information, see "Internet Server Unavailable Because of Malicious SYN Attacks," at http://support.microsoft.com/default.aspx?scid=kb;en-us;142641. Value name:MinimumDynamicBacklog Recommended value data: 20 Valid values: 04294967295 Description: Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections Value name: MaximumDynamicBacklog Recommended value data: 20000 Valid values: 04294967295 Description: Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state. Value name:DynamicBacklogGrowthDelta Recommended value data: 10 Valid values: 04294967295 Present by default: No Description: Specifies the number of free connections to create when additional connections are necessary. Use the values summarized in Table 4 for maximum protection.Table 4 Recommended Values

Value Name Value (REG_DWORD) EnableDynamicBacklog 1 MinimumDynamicBacklog 20 MaximumDynamicBacklog 20000 DynamicBacklogGrowthDelta 10 Additional ProtectionsAll of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.Protect Screened Network DetailsNetwork Address Translation (NAT) is used to screen a network from incoming connections. An attacker can circumvent this screen to determine the network topology using IP source routing.Value:DisableIPSourceRoutingRecommended value data: 1Valid values: 0 (forward all packets), 1 (do not forward Source Routed packets), 2 (drop all incoming source routed packets).Description: Disables IP source routing, which allows a sender to determine the route a datagram should take through the network.Do Not Forward Packets Destined for Multiple HostsMulticast packets may be responded to by multiple hosts, resulting in responses that can flood a network.Value:EnableMulticastForwardingRecommended value data: 0Valid range: 0 (false), 1 (true)Description: The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access Service.Only Firewalls Forward Packets Between NetworksA multi-homed server must not forward packets between the networks it is connected to. The obvious exception is the firewall.Value:IPEnableRouterRecommended value data: 0Valid range: 0 (false), 1 (true)Description: Setting this parameter to 1 (true) causes the system to route IP packets between the networks to which it is connected.Mask Network Topology DetailsThe subnet mask of a host can be requested using ICMP packets. This disclosure of information by itself is harmless; however, the responses of multiple hosts can be used to build knowledge of the internal network.Value:EnableAddrMaskReplyRecommended value data: 0Valid range: 0 (false), 1 (true)Description: This parameter controls whether the computer responds to an ICMP address mask request.Use the values summarized in Table 5 for maximum protectionTable 5 Recommended Values

Value Name Value (REG_DWORD) DisableIPSourceRouting 1 EnableMulticastForwarding 0 IPEnableRouter 0 EnableAddrMaskReply 0 PitfallsWhen testing the changes of these values, test against the network volumes you expect in production. These settings modify the thresholds of what is considered normal and are deviating from the tested defaults. Some may be too narrow to support clients reliably if the connection speed from clients varies greatly.